Certain characters should not be allowed in file names and in URLs to prevent hacking websites. Why allow a special character in a filename, when all that is needed is to rename the file to something that is accepted? Simple.

Some idiot would end up naming a file !@$*)_+ or )(*&^%$#@! WHY would anyone allow such? Or at what character should we stop?

That's why certain characters are substituted (or, encoded/decoded), and that's why I think it needs fixing. I haven't checked every single character, but the ones I have checked are substituted with an underscore - the plus symbol isn't being substituted with an underscore - that's what is causing issues and is why I believe it needs a simple regex fix.

I guess I agree that it is not really a bug, but it is still something that deserves a little attention...

Forgive me for this request, if it generates problems, but it is a real-world problem, in which a user wanted to attach a file named like: "k + k.txt" (without quotes, just a smaller example). On GNU/Linux, "+" is allowed in file names (remember the "/lost+found" default directory?).

Thank you, Derek, for the fix, but it does not work in my case (I tried the above example). I think you treat images, but I was thinking of text or archive attachments.